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Description 

Background of the Invention 

1. Field of the invention 

The present invention is related to data storage in 

digital computers generally and more specifically to data 
storage using write once-read many (WORM) devices. 

2. Description of the Prior Art 

Various automated backup techniques have been 
developed for computer systems. Recently, automated 
backup systems have emerged in which the copies of 
the backed up files are stored on write once-read many 
or WORM devices. As the name implies, data can be 
written once to a WORM device and the data stored 
thereon can be read many times. l\4odern WORM de- 
vices are optical devices which provide random access 
to enormous quantities of data. A description of an op- 
tical disk WORM device may be found in 

Gait, Jason, "The Optical File Cabinet: A Random- 
Access File System for Write-once Optical Disks", IEEE 
Computer, June, 1988, pp. 11-22 
An example of a file backup system employing an optical 
disk can be found in 

Hume, Andrew, "The File Motel - An Incremental 
Backup System for UNIX" 1988 Summer Usenix Con- 
ference Proceedings, June 20-24, 1988. pp. 61-72 
A problem which the above file backup system shares 
with many others is that the backup copies of the files 
are not as accessible to users of a computer system as 
the files presently on the system. In some cases, the 
backup copies must be physically retrieved from an ar- 
chive and loaded onto the computer system; in others, 
like the system described in the above publication, the 
files are physically available but must be specifically 
mounted on the file system before they are accessible. 
Further, special tools are often required to deal with the 
backup files. 

Of course, if a file system is stored on media which 
cannot be erased, then the need for backups to protect 
against human mistakes or malice or equipment failures 
is eliminated. The art has thus developed file systems 
In which ail of the data is stored on an optical WORM 
system. One such file system is described in the Gait 
article cited above. While such file systems are essen- 
tially indestructible, they are not without their problems. 
First, since the entire file system is stored on optical disk, 
many disk blocks are wasted on the storage of transient 
files, i.e., files which are created and deleted in the 
course of execution of a program. Second, optical 
WORM devices are still substantially slower than mag- 
netic disk devices, and file system performance suffers 
accordingly. While the speed problem can be alleviated 
by encaching data which has been read from the optical 
WORM device so that there is no need to retrieve it from 



the WORM device for a following read, encachement 
cannot solve the problem of wasted disk blocks. Further, 
though Gait's WORM file system contains substantially 
all of the data that was ever in the file system, it includes 
5 no provision for making backups at times that are sig- 
nificant to the users of the system, and therefore does 
not provide a way of reconstituting a file system exactly 
as it was at such a significant time. 

In The Journal of Systems and Software, vol. 10, 
no. [1], July 1989, USA, pages 15-21, D.A. Canas and 
W.D. Bulgren disclose a file management system for a 
magnetic disk used as a buffer to write-once optical stor- 
age. The data structures of the optical disk file manage- 
ment system permit the current state of stored files to 
be reconstructed from the information retained in the 
magnetic buffer and the previous version of the file per- 
manently stored on the optical disk. 

What is needed, and what is provided by the inven- 
tion of claim 1 , is a file system in which the user can 
select significant times to make backups and in which 
the backups made at these times are as available to the 
user as to any other files. 

A method for dumping a primary file which is stored 
in such a file system is claimed In claim 4. 

Further enhancements of the Invention being pro- 
vided by the subclaims. 

Brief Description of the Drawing 

FIG. 1 is an overview of the file system of the inven- 
tion; 

FIG. 2 is a diagram of a component file system of 

the invention; 

FIG. 3 is a diagram of an operation which alters a 
primary file system in the file system of the present 
invention; 

FIGS. 4A and 4B are diagrams of a dump operation 
in the file system of the present invention; 
FIG. 5 is an oven^iew of a preferred Implementation 
of the present invention; and 
FIG. 6 is an oven/iew of a preferred implementation 
of the subdivision of mass storage device 507. 

Reference numbers in the figures have two parts: 
the two right-most digits are numbers within a drawing; 
the left digit is the number of the drawing in which the 
item Indicated by the reference number first appears. 
Thus, the Item identified by the reference number 117 
first appears In FIG. 1. 

Detailed Description 

The following Detailed Description of a preferred 
embodiment of the invention begins with a discussion 
of the logical structure of the file system of the invention, 
continues with a discussion of the operation of the file 
system of the invention, and concludes with a discus- 
sion of an Implementation of the file system which em- 
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ploys an optical write once-read many optical disk de- 
vice and a magnetic disk device. 

Logical Structure ot the File System: FIGS. 1 and 2 

5 

This discussion of the logical structure of the file 
system first provides an overview of the entire file sys- 
tem of the invention and then provides an overview of a 
component file system in the invention. 

10 

Overview of the File System: FIG. 1 

FIG. 1 is a conceptual overview of file system 101 
of the invention. All information contained in file system 
101 is stored in storage elements (SE) 105. Each stor- ?5 
age element 105 has a storage element address (SEA) 
107 and is randomly accessible by storage element ad- 
dress 1 07. SE 1 05 may be implemented as a block on 
a randomly accessible device such as a magnetic or op- 
tical disk drive or a memory. The total number of possi- 20 
ble storage element addresses 107, ranging from stor- 
age element address 107(0) through storage element 
address 107(max) makes up file address space (FAS) 
103. The size of file address space 103 is, in principle, 
limited only by the size of storage element addresses 25 
107; however, In some embodiments, Its size may be 
determined by the size of the physical devices upon 
which storage elements 105 are stored. 

Each storage element 105 belongs to one of three 
address spaces: read only address space 117, read/ 30 
write address space 11 5, or unused address space 113. 
Storage elements 105 belonging to read-only address 
space 117 are inalterable components ot file system 
101 ; they may be read but neither written nor removed 
from file system 101. Storage elements 105 belonging 35 
to read-write address space 115 are alterable compo- 
nents of file system 101 ; they may be added to file sys- 
tem 101, written to, read from, and removed from file 
system 101. Storage element 105 belonging to unused 
address space 1 1 3, finally, are neither part of file system 40 
101 nor presently available to be added to it. - 

At the beginning of operation of file system 1 01 , all 
storage elements 105 belong to unused address space 
1 1 3; when a storage element 1 05 is required for file sys- 
tem 101, file system 101 moves the storage element 
from unused address space 113 to read/write address 
space 115; when a storage element 105 has become an 
inalterable component of file system 101, file system 
101 moves the storage element from read/write address 
space 1 1 5 to read-only address space 1 1 7. Once a stor- so 
age element 105 is in read only address space 117, it 
remains there. 

Consequently, as file system 101 operates, the number 
of storage elements 105 in unused address space 113 
decreases and the number in read only address space ss 
117 increases. When there are no more storage ele- 
ments 105 in unused address space 113. the user must 
copy the files he needs from file system 101 onto anoth- 



er file system. File address space 1 03 can, however, be 
made so large that it is for practical purposes inexhaust- 
ible. 

For the sake of simplicity. FIG. 1 presents the ad- 
dress spaces as though they were separated by clear 
boundaries in file address space* 103. That is true only 
for unused address space 113. A storage element ad- 
dress HWM 108(c) marks the "high water mark" in file 
address space 103, i.e., the address of the first storage 
element which belongs to neither readAwrite address 
space 1 1 5 nor read only address space 1 1 7. AH storage 
elements having addresses of HWM 108(c) or greater 
belong to unused address space 113. However, any 
storage element 105 having an address less than HWM 
108(c) may belong either to read/write address space 
1 1 5 or read only address space 117. 

File address space 103 contains two kinds of com- 
ponent file systems: primary file system 111 and some 
number of dump file systems 109. Primary file system 
1 1 1 behaves like a standard tile system. Accordingly, all 
of the usual file operations may be performed on files in 
primary file system 111 . Existing files may be read from, 
written to. and deleted; new files may be created. Files 
in dump file systems 109, on the other hand, may only 
be read. As is apparent from these properties, primary 
file system 111 may have storage elements 1 05 belong- 
ing to read/write address space 115 or read only ad- 
dress space 117, while all storage elements 105 of a 
dump file system 1 09 belong to read only address space 
117. The line which appears in FIG. 1 at the top of each 
dump file system 109 represents the value of HWM 108 
(c) at the time the dump file system 109 was created; 
the line is thus labeled with the number of dump file sys- 
tem 109. A number of dump file systems 109 may have 
the same value for HWM 108. Storage elements 105 
belonging to a given component file system may be lo- 
cated anywhere in file address space 103 below HWM 

108 for the file system, and a storage element 105 may 
be shared by more than one component file system. 

A dump file system 109 is created by performing a 
dump operation on primary system 111. The dump op- 
eration has the logical effect of adding those storage el- 
ements 105 in read/write address space 115 which are 
part of primary file system 111 at the time of the dump 
operation to read only address space 117. The dump 
operation in file system 101 is atomic, i.e., no changes 
can be made in the files of primary system 111 during 
the dump operatton. The dump operation accordingly 
consen/es the state of primary file system 1 1 1 at the time 
the dump operation was performed. As a consequence 
of the manner in whk:h the dump operation is performed, 
the dump file systems 109 are ordered in read only ad- 
dress space 117 by the time at which the dump opera- 
tion which created the dump file system 109 was per- 
formed, with the dump file system 1 09 resulting from the 
earliest dump operatton having the lowest HWM 108 in 
read only address space 117 and the dump file system 

1 09 resulting from the most recent dump operation hav- 
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ing the highest HWM 108. The dump file systems 109 
thus represent an ordered set of "snapshots" of past 
states of primary system 111. 

Each component file system is organized as a tree, 
i.e., the storage elements 105 for all of the files in the 
component file system are accessible from a root 121 
in the component file system. As previously indicated, 
storage elements 105 in primary file system 111 may be- 
long to either read/write address space 115 or read only 
address space 117. The storage elements 105 belong- 
ing to read/write address space 115 are those which 
have new contents, i.e.. those which contain parts of pri- 
mary file system 1 1 1 which have been altered since the 
last dump operation. The storage elements 1 05 belong- 
ing to read only address space 11 7 are those which have 
old contents, i.e., those storage elements 105 in which 
portions of the file system are stored which have not 
been altered since the last dump operation. 

As is apparent from the foregoing and the manner 
in which a dump file system 109 is created, the storage 
elements 105 of primary file system 111 which had new 
contents when dump file system 109 was created be- 
long to the addition to read only address space 117 
which was made when the dump operation was per- 
formed and the storage elements 1 05 of primary file sys- 
tem 111 which had old contents when dump file system 
1 09 was created belong to the read only address space 
117 which existed prior to the dump operation and are 
shared with earlier component file systems. This fact is 
indicated In FIG. 1 by shared element pointers (SEP) 
129 In each component file system. The storage ele- 
ments 105 pointed to by these pointers are shared with 
at least one other older component file system. In the 
case of the primary file system 111, such storage ele- 
ments 1 05 are ones whose contents have not been al- 
tered since the last dump operation; in the case of a giv- 
en dump file system 109. the shared element pointers 
129 point to storage elements 105 which were not al- 
tered between the dump operation which created the 
preceding dump file system 1 09 and the dump operation 
which created the given dump file system 109. As is fur- 
ther apparent, a given storage element 105 in read only 
address space 117 is part of every component file sys- 
tem from the dump file system 109 resulting from the 
first dump operation after the given storage element 105 
was Incorporated into primary system 111 to the dump 
file system 109 (if any) produced by the dump operation 
immediately preceding the time at which the contents of 
the given storage element 105 were modified in the 
course of file operations on primary file system 111. 

Each root 121 is itself accessible from location in- 
formation block 119 in each component file system by 
means of root pointer (RP) 1 27, which points to storage 
element 105 which contains root 121 . Additionally, each 
location information block 119 contains dump pointers 
(DPS) 125 to roots 121 in each component file system 
which precedes the component file system to which lo- 
cation information block 119 belongs and a next pointer 



(NP) 123 to the location information block 119 in the 
component file system which succeeds the component 
file system to which location information block 119 be- 
longs. Location information block 119 for the first dump 

5 system 109(1). finally, is at a predetermined address in 
file address space 103. Every file in file system 101 may 
thus be toca\e6 either directly from location informatbn 
block 119(c) in primary file system 111 or indirectly from 
location information block 119(1). The chain of location 

10 information blocks beginning with location information 
block 119(1) is used to reconstruct location information 
block 119(c) in case of a failure of the physical device 
upon which read/write address space 11 5 is implement- 
ed. Location information block 1 1 9(c) serves in effect as 

15 a root for all of the files in file system 101 , and it is con- 
sequently possible for a user of file system 101 to locate 
and read a file in a dump file system 109 in exactly the 
same way as the user would locate and read a file in 
primary file system 111. For example, from the user's 

20 point of view, comparing a version of a file in primary file 
system 111 with a version of the file in a dump file system 
109 is no different from comparing two versions of the 
file in different directories of primary file system 111. 

25 Detailed Structure of a Component File System: FIG. 
2 

FIG. 2 is a diagram of the structure of a component 
file system in file system 1 01 . All of the information which 

30 is contained in the files and which is needed to organize 
the files into a file system is stored in storage elements 
105. All of the component file systems have similar 
structures; however, in dump file systems 109, all of the 
storage elements 105 in the file system belong to read 

35 only address space 117. while primary file system 111 
has some storage elements 105 which belong to read 
only address space 117 and others which belong to 
read/write address space 115. 

The files in the component file systems are hierar- 

40 chical. Each file belongs to a directory and a directory 
may contain files or other directories. The hierarchy has 
the form of a tree with a single root node. The directories 
are internal nodes of the tree and the files are the leaf 
nodes. In a preferred embodiment, there is a single path 

45 through the tree from the root to each leaf node, i.e., no 
file or directory belongs to more than one directory. 

As shown in FIG. 2. component file system 201 has 
two main parts: location information 119 and file tree 
202. Beginning with file tree 202. tree 202 has two kinds 

so of elements: directory blocks (DB) 219, which represent 
directories, and data blocks (DATA) 225, which contain 
the data for a file. Directory blocks 21 9 contain two kinds 
of entries: file entries (FE) 221 , which represent files be- 
longing to the directory, and directory entries (DE) 223, 

55 which represent directories belonging to the directory. 
There is one file entry 221 and one directory entry 223 
for each file and directory belonging to the directory. A 
file entry 221 contains data pointers (DATA PTRS) 229 
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to the data blocks 225 which contain the tile's data; a 
directory entry 223 contains a directory pointer (DIR 
PTR) 231 to directory block 219 for the directory repre- 
sented by directory entry 223. As will be explained in 
more detail below, data blocks 225 and directory blocks 
21 9 may be shared with other older component file sys- 
tems; when that is the case, the data pointers 229 to 
those data blocks and the directory pointers 231 to those 
directories are shared element pointers 129. 

Location information 119 has three components in 
a preferred embodiment: superblock (SB) 203, dump list 
(DL) 211 . and free list (FRL) 207. Superblock 203 con- 
tains pointers by which the other parts of a component 
file system can be located, is pointed to by next pointer 
123 belonging to the preceding component file system, 
and itself contains next pointer 123 to superblock 203 
for the following component file system. In the case of 
superblock 203 for primary file system 111, the super- 
block contains HWM 108(c). These contents are ar- 
ranged in superblock 203 as follows: HWM 1 08 contains 
HWM 108(c) in primary file system 111 and the value of 
HWM 108(c) at the time the dump operation was per- 
formed in dump file systems 109. NP 123 contains next 
pointer 123 in dump file systems 109; RP 127 is the 
pointer to root 121 for the component file system; DLP 
27 is a pointer to dump list 211 ; FRLP 205 is a pointer 
to free list 207. 

Dump list 211 contains a list of all of the dump file 
systems 109 which precede the component file system 
to which dump list 211 belongs. Each entry (DLE) 213 
in dump list 211 has two parts: dump identifier 215 and 
dump pointer 21 7. Dump identifier 21 5 is a unique Iden- 
tifier which identifies the dump file system 109 repre- 
sented by dump list entry 213; in a preferred embodi- 
ment, dump identifier 215 specifies the time and date at 
which the dump operation which created dump file sys- 
tem 109 was carried out. Dump pointer 217 is a pointer 
to root 1 21 for the dump file system 109 represented by 
dump list entry 213. Taken together, the dump pointers 
in dump list 21 1 thus make up dump pointers (DPS) 1 25. 

Free list 207, finally, is a list of addresses 107 of 
storage elements 105 which are no longer part of un- 
used address space 113 but are not presently part of 
primary file system 111. For example, if a new file Is cre- 
ated in primary file system 111 after the last dump op- 
eration and then deleted before the next dump opera- 
tion, the addresses 107 of the storage elements 105 
from the deleted file are placed on free list 207. Free list 
207 is an Important advantage of file system 101 , since 
it permits the set of storage elements 105 belonging to 
read/write address space 115 to fluctuate between 
dump operations without a corresponding fluctuation of 
unused address space 113. 

Though free list 207 is part of every component file 
system, it has significance only in primary file system 
111, where it is the source of storage elements 105 to 
be added to primary file system 111. and the most recent 
dump file system 109, where it is used to reconstitute 



primary file system 1 1 1 's free list 207 after a destruction 
of primary file system 111. When free list 207 in primary 
file system 111 becomes empty as a result of Incorpo- 
ration of free storage elements 105 into primary file sys- 

5 tern 111, file system 1 01 obtains a new storage element 
105 from unused address space 11 3 by adding the cur- 
rent value of HWM 1 08(c) to free list 207 and increment- 
ing HWM 108 in superblock 203. 

As previously mentioned, the storage elements 1 05 

10 making up primary f i le system 1 1 1 belong to either read- 
write address space 115 or read only address space 
1 1 7. In more detail, the storage elements 1 05 containing 
the components of location information 1 1 9 and root 1 21 
always belong to read/write address space 1 1 5, as do 

IS the storage elements 105 on free list 207. The parts of 
tree 202 are in read/write address space 1 1 5 as follows: 
Any directory block 219 which is part of a path to a file 
which is presently open for an operation which alters the 
file is contained in a storage element 105 in read/write 

20 address space 115; Any data block 225 which has been 
written to since the last dump operation is contained in 
a storage element 1 05 in read/write address space 115. 

The technique by which storage elements 105 con- 
taining new contents replace those with shared contents 

25 will be explained In detail below. 

Performing Operations on Component File 
Systems: FIG. 3 

30 Operations on file systems can be divided into two 
classes: those which alter the file system and those 
which do not. Operations of the second class, termed 
hereinafter read operations, can be performed in the 
usual manner on any component file system of file sys- 
35 tem 101 . Operations of the first class, termed hereinafter 
write operations, may be performed only on files and di- 
rectories In primary file system 111. FIG. 3 shows how 
two of the write operations, file open and file write, are 
performed In a simple example primary file system 111 
40 which contains exactly one file. Each block in FIG. 3 con- 
tains a number In parenthesis Indicating the type of com- 
ponent represented by the block and an indication of the 
address space to which the storage element 105 con- 
taining the component belongs. Thus, root 121 is a di- 
45 rectory block 219 and belongs to read/write address 
space 115. 

The portion of FIG. 3 labeled 301 shows the exam- 
ple primary file system 111 at a time after the last dump 
operation but before the single file has been opened. 
so Only root 1 21 belongs to readAvrite address space 11 5; 
the remaining components. Including directory 303 to 
which the file bebngs and the data blocks 305 and 307 
for the file belong to read only address space 117. i.e.. 
directory 303 and data blocks 305 and 307 are shared 
ss at least with dump file system 109 made by the last 
dump operation, as indicated by pointer 302 from root 
121 for the Immediately preceding dump file system 
109. 
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The next portion, labeled 309. shows the example 
primary file system 1 11 at a time after the single file has 
been opened for writing but before any file write opera- 
tion has occurred. Because the file has been opened, it 
must have a directory block 219 in read/write address s 
space 115. This directory block 219, which has the 
number 311 In the FIG., is made by taking a storage el- 
ement 105 from free list 207, copying the contents of 
directory block 303 into directory block 311 , and chang- 
ing pointer 231 in root 121 to point todirectory block 311 
instead of directory block 303. Data blocks 305 and 307 
are now pointed to by both directory block 303 and di- 
rectory block 311, as indicated by 312 and 304, repre- 
senting data pointers 229 pointing to the data blocks. 

The final portion, labeled 313, shows the example 
primary file system 111 after a file write operation which 
has altered data originally contained In data block 307. 
The altered data requires a new data block, block 315, 
which belongs to the read/write address space 115. 
Block 315 Is taken from free list 207 as before and the 
data pointers 229 in directory block 31 1 are reset so that 
block 31 5 takes the place of block 307. Then the altered 
data Is written to block 31 5. At the end of the operation, 
file entry 221 for the file in directory 311 points to blocks 
305 and 31 5. as indicated by pointer 31 7, while file entry 
221 for the file in directory 303 still points to blocks 305 
and 307 as indicated by pointer 304. Thus, the original 
file is retained in dump file system 109 and the altered 
file in primary system 111 . 

Other standard file operations are performed anal- 
ogously. For example, when a file is created, a new file 
entry 221 for the file is made in a directory block 21 9; if 
the directory block 21 9 already belongs to read/write ad- 
dress space 115, the new file entry is simply added to 
the directory block 219; otherwise a new directory block 
21 9 is made as described above for the open operation 
and the new file entry 221 is added to the new directory 
block. In the case of a file delete operation, only those 
data blocks of the file to be deleted which belong to read/ 
write address space 115 can be deleted; this is done by 
returning the addresses of storage elements 105 con- 
taining the deleted data blocks 225 to free list 207. At 
the same time, the file entry 221 in the directory block 
21 9 for the directory to which the file belongs Is also de- 
leted. If all of the file entries 221 and directory entries 
223 in a directory block 219 are deleted, that block's 
storage element 105, too, is returned to free list 207. As 
shown by the delete example, a particular advantage of 
file system 101 is that changes in primary file system 
111 which affect primary file system 111 for a period 
which Is less than the period between dump operations 
take place in read/write address space 115 and do not 
add storage elements 105 to read only address space 
117. 

The Dump Operation: RGS. 4 A and 4B 

In broad terms, the dump operation creates a dump 



file system 109 by moving storage elements 105 in pri- 
mary file system 1 1 1 which belong to read/write address 
space 115 from read/write address space 115 to read 
only address space 117 and reestablishing the parts of 
primary file system 111 which must be presently altera- 
ble in read/write address space 115. In a preferred em- 
bodiment, the algorithm for performing the dump oper- 
ation is the following: Set next pointer 1 23 in superblock 
203 for primary file system 1 1 1 to HWM 1 08; Add all stor- 
age elements 105 for primary file system 111 which be- 
long to read/write address space 115 and which are not 
on free list 207 to read only address space 117; Rees- 
tablish primary file system 111 in read/write address 
space 115 by doing the following: Copy the contents of 
superblock 203 to storage element 105 having HWM 
108 as its storage element address 107 to make a new 
superblock 203 for the primary file system 111 and in- 
crement HWM 108 In the new superbkxk 203 to point 
to the next storage element 105; Taking storage ele- 
ments 105 from free list 207, copy location information 
119 and root 121 to the storage elements 105; Update 
the pointers In the new superblock 203 to point to the 
location information 1 1 9 and root 1 21 In the storage el- 
ements 105 taken from free list 207; Add an entry for 
the new dump file system 1 09 to dump list 211; and For 
every file in primary file system 111 which is open at the 
time of the dump operation, walk tree 202 from root 121 
In new read/write address space 115 to directory block 
219 which contains file entry 221 for the file; for each 
directory block 21 9 encountered in the walk which is not 
yet In new read/write address space 115, copy the di- 
rectory block 219 to a storage element 105 taken from 
free list 207 and alter directory entry 223 and any copies 
of information from directory entry 223 in the computer 
system to which file system 101 belongs to point to the 
new copy. 

The algorithm is performed atomically i.e., no 
changes to file system 101 other than those required for 
the algorithm are permitted during execution of the al- 
gorithm. 

In an alternative embodiment, the contents of su- 
perblock 203 may be copied to a new superblock 203 
taken from free list 207, next pointer 123 updated to 
point to the new superblock 203, and then all storage 
elements 105 In read/write address space 115 other 
than the new superblock 203 added to read only ad- 
dress space 117. 

FIG. 4 shows how the dump operation works in a 
primary file system 111 which contains exactly one di- 
rectory in which there is exactly one closed file. Again, 
each box in the file contains a reference number indi- 
cating what kind of component of primary file system 1 1 1 
the box represents and an indication of which of the ad- 
dress spaces 115 and 117 the component belongs to 
part 402 of FIG. 4 shows primary file system 401 as it 
exists at the time of the dump: Components 401, 403, 
and 405, making up locatbn information 119, root 407 
and directory block 409 all belong to read/Write address 
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space 115; the file has one data block 411 which has 
not been altered since the last dump operation, and con- 
sequently belongs to read only address space 117; the 
other data block 413 has been altered, and so belongs 
to read/write address space 115. s 

Part 415 of FIG. 4 shows primary file system 415 
as it exists after completion of the dump: components 
401 -409 and 41 3 have all been moved to read-only ad- 
dress space 117, copies 417-423 in read/write address 
space 115 have been made of components 401-407, 
pointers in the copies of location information 119 have 
been set so that root pointer 1 27 points to new root 423 
and dump pointer 217 points to old root 407, and next 
pointer 123 in old super block 401 has been set to point 
to new superblock 417. If the file had been open, there 
would additionally have been a copy of directory block 
409. and new root 423 would point to the copy. 

Replacing Primary System 111 With a Dump File 
System 109 

An advantage of file system 101 is that primary file 
system 111 may be easily replaced by any of the dump 
file systems 109. Replacement is done by performing 
the following steps, again atomically: Except for those 
which contain location information 119, return the ad- 
dresses of all storage elements 105 in primary file sys- 
tem 1 1 1 which belong to read/write space 1 1 5 to free list 
207; Using dump pointer 217 for the dump file system 
109 which is replacing primary file system 111, locate 
root 121 for the dump file system 109 and copy root 1 21 
into a storage element 105 from free list 207; Replace 
root pointer 1 27 in superblock (SB) 203 with a pointer 
to the copy of root 1 21 for the dump file system 1 09. 

If a failure In the computer system to which the file 
system belongs has resulted in the loss of location in- 
formation 1 1 9, the location information 1 1 9 may be cop- 
ied from location information 119 in the most recent 
dump file 109. In this case, if the dump file system 109 
which is replacing primary file system 111 is the most 
recent dump file system 109, then the second step 
above is omitted. 

Implementation of File System 101 on a ReadAwrite 
Mass Storage Device and a WORM Storage Device: 
FIGS. 5 and 6 

In a preferred embodiment, file system 101 is im- 
plemented using a read-write mass storage device and 
a WORM storage device. In the following, there will first 
be presented an oven/iew of the implementation and the 
relationship of its components to file address space 1 03; 
then details of the organization of the read/write mass 
storage device will be presented, followed by details 
concerning the operation of the preferred embodiment. 



Overview of the implementation: FIG. 5 

FIG. 5 is a high-level block diagram of a preferred 
implementation of file system 101. Implementation 501 
has three main components: file sen/er 503. random ac- 
cess read/write mass storage device 507, and random 
access write once-read many (WORM) devrce 511 . File 
server 503 is a computer system which is employed in 
a distributed system to perform file operations for other 
components of the distributed system. In the preferred 
implementation, file server 503 is a VAX 750, manufac- 
tured by Digital Equipment Corporation. The file opera- 
tions which it performs for other components are sub- 
stantially the same as those defined for the well-known 
UNIX® operating system. File server 503 controls oper- 
ation of the other components of implementation 501. 
Mass storage device 507 in a preferred embodiment is 
120 megabytes of storage on a magnetic disk drive. 
WORM device 511 is the WDD-2000, a 1.5 gigabyte 
write-once optical disk manufactured by Sony, Inc. 

The storage in both mass storage device 507 and 
WORM device 511 is divided Into blocks of the same 
size. These blocks make up the storage elements 105 
of the implementation. The blocks in mass storage de- 
vice 507 appear in FIG. 6 as disk blocks (DB) 509 and 
those In WORM device 511 appear as WORM blocks 
(WB) 51 9. As will be explained in more detail later, disk 
blocks 509 correspond to certain WORM blocks 51 9. 
Such correspondences are indicated by letter suffix. 
Thus, disk bkx:k 509(a) corresponds to WORM block 
519(a). File server 503 may both read and write disk 
blocks 509 many times; it may read WORM blocks 519 
many times, but write them only once. These facts are 
indicated in FIG. 5 by read/write operations arrow 505 
connecting file server 503 and mass storage device 507 
and the separate write once operation arrow 51 3 and 
read operation arrow 51 5 connecting file server 503 and 
WORM device 511. They are further indicated by the 
division of WORM device 511 into unwritten portion 515 
containing WORM blocks 519 which have not yet been 
written and written portion 517, containing written 
WORM blocks 519. Since WORM device 511 is random 
access, written and unwritten blocks may be physically 
intermixed. 

Before a dump operation, the relationship between 
disk blocks 509 and WORM blocks 51 9 and file address 
space 103 is the following: Written WORM blocks 519 
belong to read-only address space 117, as do corre- 
sponding disk blocks 509; such disk blocks 509 contain 
copies of the contents of the corresponding WORM 
blocks 51 9; Disk blocks 509 which correspond to unwrit- 
ten WORM blocks 519 bebng to readyWrlte address 
space 115, as do the corresponding unwritten WORM 
blocks 519, which are reserved to receive the contents 
of the corresponding disk blocks 509 after a dump op- 
eration is performed, as indicated by the label "dump 
space 516" in their portion of WORM device 511; Un- 
written WORM blocks 51 9 which have no corresponding 
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disk bicxks 509 bebng to unused address space 113. 

As implied by the above, disk blocks 509 wjiicli cor- 
respond to written WORM blocks 519 and those which 
correspond to unwritten WORM blocks 51 9 have funda- 
mentally different functions in file system 101. That is s 
shown in FIG. 5 by the division of mass storage device 
507 into two parts: read only cache 506 and read/write 
store 508. Again, since mass storage device 507 is a 
random-access device, disk blocks 509 belonging to ei- 
ther subdivision may be located anywhere in mass stor- 
age device 507. 

Disk bk)cks 509 corresponding to written WORM 
blocks 51 9 serve as a cache 506 of those blocks. Mass 
storage device 507 has a faster response time than 
WORM device 511 , and consequently, when file server 
503 reads a written WORM block 519 from WORM de- 
vice 511 , It places a copy of that WORM block 51 9 in a 
disk block 509 so that it Is available there If it is needed 
again. As is generally the case with caches, cache 506 
contains copies of only a relatively small number of the 
most recently read WORM blocks 519. While cache 506 
substantially enhances performance, it is not necessary 
to an implementation of file system 101 . 

Disk blocks 509 corresponding to unwritten WORM 
blocks 519, on the other hand, are the actual storage 
elements 1 05 for read/write address space 1 1 5 and are 
therefore essential to operation of file system 1 01 . There 
must be a disk block 509 in read/write store 508 for every 
storage element 105 which is a part of primary file sys- 
tem 111. Since dump space 516 is reserved to receive 
the contents of read/write address space 115 when a 
dump operation is performed, there must be a WORM 
block 519 in dump space 516 corresponding to every 
disk block 509 in read/write store 508. Additionally, there 
must be a WORM block 519 in dump space 516 corre- 
sponding to every storage element 105 on free list 207. 
The storage elements 105 on free list 207, however, 
need not have corresponding disk blocks 509 belonging 
to read/write store 508. Accordingly, when free list 207 
becomes empty and a storage element 105 must be 
added to read/write address space 115, dump space 
516 must be expanded by one unwritten WORM block 
51 9. As indicated by the presence of H WM 1 08(c) at the 
end of dump space 516, that is done by incrementing 
HWM 108(c). 

For a time after completion of a dump operation, 
mass storage device 507 contains a third subdivision: 
dump store 510. Dump store 510 contains disk blocks 
509 which are storage elements 105 which have been 
added to read only address space 117 by the dump op- 
eration. A disk bkx:k 509 remains in dump store 510 until 
Its contents have been copied into the corresponding 
WORM block 519 in dump space 516. Upon being writ- 
ten, the WORM block 519 becomes part of read-only 
address space 1 1 7 and its corresponding disk block 509 
becomes part of read-only cache 506. 

As will be explained in more detail later, the actual 
dump operation in a preferred implementation simply 



marks disk bkx^ks 509 which contain parts of primary 
file system 111 which are in read/write address space 
115 as belonging to dump store 510. As soon as this is 
done, normal file operations continue. These operations 
treat components of primary file system 111 which are 
stored in disk blocks 509 belonging to dump store 510 
as part of read-only address space 1 1 7. White these op- 
erations are going on, a dump daemon which executes 
Independently In file server 503 copies the contents of 
the disk blocks 509 to the corresponding WORM blocks 
51 9 in dump space 516. Once a disk block 509 has been 
copied, It is marked as belonging to read-only cache 
506. 

It should be pointed out at this point that file address 
space 103 may be larger than the address space of 
WORM device 511. To begin with, unused address 
space 113 may extend beyond the top address in 
WORM device 511. Further, as long as all storage ele- 
ments 105 belonging to the component file systems be- 
ing operated on by file system 1 01 are on WORM device 
511, read-only address space 1 1 7 can extend below the 
lowest address in WORM device 511 . 

Implenfientatlon of the Subdivisions of Mass 
Storage Device 507: FIG. 6 

In a preferred implementation, correspondences 
between disk blocks 509 and WORM blocks 519 and 
division of mass storage device 507 into read only cache 
506, read/write store 508, and dump store 510 are es- 
tablished by means of a mass storage map 603, shown 
In FIG. 6. In the preferred Implementation, mass storage 
map 603 is a data structure in virtual memory 611 of file 
sender 503. Since mass storage map 603 is used In eve- 
ry file operation performed by file system 101 , it Is gen- 
erally present in the main memory of file server 503 and 
therefore rapidly accessible to file sen/er 503. 

Map 603 is an array of map entries 605. There is a 
map entry 605 for each disk block 509 which is part of 
mass storage device 507, and the address of the disk 
block 509 represented by a given map entry 605 may 
be calculated from the index of the given map entry 605 
in the array, as is indicated by the arrows connecting the 
first and last map entries 605 In map 603 to the first and 
last disk blocks 509 in mass storage device 507. 

Moreover, the number of WORM bk)cks 519 In 
WORM device 511 is an integer multiple m of the 
number boi disk blocks 509 and map entries 605. Con- 
sequently, the index (I) of a map entry 605 may be com- 
puted from a WORM block address (WBA) by the oper- 
ation WBA MOD m, and the disk block 509 represented 
by a given map entry 605 may correspond to any WORM 
block 51 9 for which I = WBA MOD m, where I is the index 
of the given map entry 605. 

Each map entry 605 contains two fields. The first, 
storage element address field 607, contains storage el- 
ement address 107 representing WORM block 519 cor- 
responding to disk block 509 represented by map entry 



15 



20 



2S 



30 



35 



40 



45 



SO 



8 



15 



EP 0 466 389 B1 



16 



605. In a preferred implementation, storage element ad- 
dress 107 is simply a WORM block address. The second 
field, disk block state 609, indicates the present state of 
disk block 509 represented by map entry 605. There are 
four states: Not bound: There is no WORM block 519 s 
corresponding to disk block 509; Read only: Disk block 
509 corresponds to the WORM block 519 specified by 
field 607. The WORM block is a storage element 105 
belonging to read only address space 117, disk block 
509 contains a copy of WORM block 51 9's contents, and io 
disk block 509 belongs to read only cache 506. Read/ 
write: Disk block 509 corresponds to the WORM block 
519 specified by field 607. The WORM block 519 be- 
longs to dump space 516, disk block 509 is a storage 
element 1 05 of primary file system 1 1 1 which is in read/ t5 
write address space 115, and disk block 509 belongs to 
read/write store 508. Dump: Disk block 509 corresponds 
to the WORM block 519 specified by field 607. The 
WORM block 519 belongs to dump space 516, disk 
block 509 represents a storage element 105 in readonly 20 
address space 1 1 7, and disk block 509 belongs to dump 
store 51 0. 

Implementation 501 operates as follows: when a file 
read operatbn is performed, file server 503 uses the 
storage element address 107 of the storage element 25 
105 to be read to locate a map entry 605. That address 
is termed herein address "A". What then happens de- 
pends on whether there is a disk block 509 correspond- 
ing to WORM block 51 9 addressed by A in mass storage 
device 507. If there Is, field 607 In map entry 605 located 30 
by address A will contain address A. If it does and the 
map entry 605 is In the read only, read/write, or dump 
states, disk block 509 represented by map entry 605 
contains the desired data and file sender 503 reads the 
contents of disk block 509. 3S 

If there is' not a disk block 509 corresponding to 
WORM block 519 in mass storage device 507 but the 
map entry 605 indicates that the disk block 509 it repre- 
sents has the read only state, file server 503 copies the 
contents of WORM block 519 specified by address A 40 
into disk block 509 corresponding to map entry 605 and 
writes address A Into field 607. If map entry 605 indi- 
cates the read/write or dump state, file server 503 can- 
not overwrite the contents of disk block 509 correspond- 
ing to map entry 605 and simply fetches the data from 
WORM block 519. If map entry 605 Indicates the not 
bound state, finally file server 503 fetches the data from 
WORM block 519, copies it into disk block 509 corre- 
sponding to map entry 605, writes address A into field 
607, and sets DBS 609 to indicate the read only state, so 

When an operation which alters a file is performed, 
file server 503 again uses storage element address 107 
A to locate a map entry 605. If field 607 in map entry 
605 contains A and indicates the read only or dump 
states, file sen/er 503 takes a storage element address ss 
107 B from free list 207 and uses address B to locate a 
second map entry 605. If this map entry 605 is in the not 
bound or read only states, file server 503 copies the con- 



tents of the disk block 509 represented by the map entry 
605 addressed by A to the disk block 509 represented 

by the map entry 605 addressed by B, sets field 607 in 
that map entry 605 to address B, and field 609 to indicate 
the read/write state. Pointers are updated in the file 
structure as already described and alterations are made 
to the disk block 509 represented by map entry 605 ad- 
dressed by B. If the second map entry 605 is in the dump 
or read/write states, file server 503 takes another ad- 
dress from free list 207 and tries again. 

If address A Is different from the address in field 
607, then If map entry 605 indicates the read only state, 
file server 503 copies the WORM block 519 addressed 
by A into the disk block 509 represented by entry 605, 
sets the fields of map entry 605 accordingly, and pro- 
ceeds as described above for map entries 605 In the 
read only state. If map entry 605 indicates the read/write 
state or dump state, file server 503 immediately copies 
the contents of disk block 509 represented by map entry 
605 to the corresponding WORM block 519, which plac- 
es disk block 509 in the read only state, and then pro- 
ceeds as just described for map entries 605 indicating 
the read only state. 

When file sen/er 503 deletes a file, it locates map 
entry 605 for each disk block 509 which is a data block 
225 In the file. If there is no entry, or if the map entry 605 
indicates the read only or dump states, the file server 
503 does nothing; If the map entry 605 indicates the 
read/write state, the file sen/er 503 adds the storage el- 
ement address 107 of the corresponding WORM block 
51 9 to free list 207 and places the map entry 605 for the 
disk block 509 into the not bound state. 

To begin a dump operation, file server 503 goes 
through map 603 and places all map entries 605 which 
are in the read/write state in the dump state. It then re- 
establishes primary file system 111 as previously de- 
scribed using the file operations just described. At this 
point, the dump operation is finished. In a preferred em- 
bodiment, the operation takes about 1 0 seconds. During 
that time, file system 101 is unavailable for use. While 
file server 503 continues normal file operations, a dump 
daemon process operating in file server 503 writes the 
contents of all disk blocks 509 represented by map en- 
tries 605 Indicating the dump state to their correspond- 
ing WORM blocks 519. When the write of a disk block 
509 is completed, DBS field 609 is set to Indicate the 
read only state. 

In an alternative embodiment, there may be an ad- 
ditional state, "old superblock" for disk blocks 509. In 
such an embodiment, when a dump operation begins, 
the disk block 509 containing superblock 203 for primary 
file system 111 is placed in the "old superblock' state 
until the address of disk block 509 for the new super- 
block 203 has been taken from free list 207 and copied 
into superblock 203. At that point, disk block 509 con- 
taining superblock 203 is placed in the dump state. 
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Conclusion 

The foregoing Detailed Description has disclosed 
to one of ordinary skill In the arts to which the invention 
pertains how file system 101 of the invention may be 
implemented. While a preferred embodiment of file sys- 
tem 101 is implemented using a magnetic disk drive and 
a WORM optical disk drive, file system 101 may be Im- 
plemented using any devices which provide random-ac- 
cess read many-write many storage and random-ac- 
cess write once-read many storage. 



Claims 

1. A file system for use in a computer system having 
read-write (509) and write once/read many (519) 
storage elements for storing file contents, the file 
system comprising: 

at least one primary file (111) whose contents 
include old contents (303, 305, 307) which are 
stored in written ones of the write once/read 
many storage elements and new contents (31 1 , 
315) which are stored in the read-write ele- 
ments and 

means for performing file operations (503) the 
file operations including at least a write opera- 
tbn and a separate dump operation, the write 
operation operating to write the new contents 
to the read-write storage elements wherein a 
correspondence between the read-write ele- 
ments In which new contents are stored and un- 
written write once-read nfiany elements exists 
at the time the new contents are stored and the 
dump operation operating to write the new con- 
tents of a given read write element to corre- 
sponding unwritten ones of the write once/read 
many storage elements and the new contents 
being written to the unwritten ones of the write 
once/read many storage elements only in re- 
sponse to a dump command, and at no other 
time, the dump operation operates to reestab- 
lish the primary file such that the reestablished 
primary file contains only oki contents including 
the new contents being written to unwritten 
ones of the once-write/read many storage ele- 
ments by the dump operation, and 
the dump operation having 
a first part in which the read-write elements in 
which new contents are stored are atomatically 
marked as having been dumped; and 
a second part in which the marked read-write 
elements are nonatomatically written to their 
corresponding unwritten write once-read many 
elements (516). 

2. The file system set forth in claim 1 wherein: 



all contents of the primary file which have not 
been altered since the last dump operation are old 
contents and all contents of the primary file which 
have been added or altered since the last dump op- 
5 eration are new contents. 

3. The file system set forth in claim 2 wherein: 

the file operations further include read opera- 
10 tions which read the contents of a file; 

the dump operation further operates to create 
a secondary file which consen^es the state of 
the primary file at the time of the dump opera- 
tion and whose contents are stored In the write 
IS once/read many storage elements written by 

the dump operation and in the write once/read 
many storage elements which contained the 
old contents at the time the dump operation is 
performed; and 
20 the read operations only may be performed on 

the secondary file using an interface which is 
the same as that used for read operations on 
the primary file. 

2S 4. A method for dumping a primary file which is stored 
in a file system having read-write (509) and write 
once/read many (519) storage elements for storing 
file contents, the file's contents including old con- 
tents (303, 305, 307) which are stored in written 

30 ones of the write once/read many storage elements 
and new contents (31 1,315) which are stored in the 
read-write elements, the method comprising the 
steps of: 

35 as part of the operation of storing new contents 

in a given read-write storage element, estab- 
lishing a correspondence between the given 
read-write storage element and a given unwrit- 
ten write once/read many storage element; and 

40 in response to a dump comnnand. and at no oth- 

er time, copying the contents of the read-write 
storage elements to the corresponding unwrit- 
ten write once/read many storage elements 
(516). 

45 the step of copying the new contents to the cor- 

responding unwritten write once/read many 
storage elements includes the steps of 
atomatically marking all of the read-write stor- 
age elements which contain the new contents; 

so and 

nonatomically copying the contents of the 
marked read-write storage elements to their 
corresponding unwritten write once/read nnany 
storage elements. 

55 

5. The method set forth in claim 4 and further compris- 
ing the step of: 

creating a secondary file whrch consen^es the 
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state of the primary file at the time of the dump com- 
mand and whose contents are stored in the write 
once/read many storage elements written in re- 
sponse to the dump command and in the write once/ 
read many storage elements containing the old con- 
tents at the time of the dump command. 

6. The method set forth in claim 5 wherein: 

predetermined old contents of the primary file 
are additionally stored in the read-write storage 
elements; 

the step of creating the secondary file further 
includes the step of further atomically marking 
all of the read-write storage elements which 
contain the new contents to indicate that the 
read-write storage elements contain old con- 
tents. 



Patentanspruche 

1. Dateisystem zur Verwendung in einem Computer- 
system mit Schreib-ZLese- (509) und einmal be- 
schreibbaren und mehrfach lesbaren (519) Spei- 
cherelementen zur Speicherung von Dateiinhalten, 
wobei das Dateisystem folgendes umfaBt: 

mindestens eine Primardatei (111), deren In- 
halte alte Inhalte (303, 305. 307), die in be- 
schriebenen der einmal beschreibbaren und 
mehrfach lesbaren Speicherelemente gespei- 
chert sind, und neue Inhalte (311, 315), die in 
den Schreib-ZLese-Elementen gespeichert 
sind, enthalten. und 

Mittet zur Durchfuhrung von Dateloperatlonen 
(503) zu denen mindestens eine Schreibopera- 
tion und eine separate Auszugsoperation ge- 
horen, wobei die Schreiboperation wirkt, um die 
neuen Inhalte in die Schreib-ZLese-Speicher- 
elemente zu schreiben, wobei zum Zeitpunkt 
der Speicherung neuer Inhalte eine Entspre- 
chung zwischen den Schreib-ZLese-Elemen- 
ten, in denen die neuen Inhalte gespeichert 
werden, und unbeschriebenen einmal be- 
schreibbaren und mehrfach lesbaren Speicher- 
elementen besteht, und die Auszugsoperation 
wirkt, um die neuen Inhalte eines gegebenen 
Schreib-ZLese-Elements in entsprechende un- 
beschriebene der einmal beschreibbaren und 
mehrfach lesbaren Speicherelemente zu 
schreiben, und wobei die neuen Inhalte nur als 
Reaktion auf einen Auszugsbefehl und zu kei- 
nem anderen Zeitpunkt in die unbeschriebenen 
der einmal beschreibbaren und mehrfach les- 
baren Speicherelemente geschrieben werden, 
wobei die Auszugsoperation wirkt, um die Pri- 
mardatei wiederherstelit. so daB die wiederher- 



gestellte Primardatei nur alte Inhalte, ein- 
schlieGlich der neuen Inhalte, die durch die 
Auszugsoperation in unbeschriebenen der ein- 
mal beschreibbaren und mehrfach lesbaren 
5 Speicherelemente geschrieben werden, ent- 

halt. und wobei 

die Auszugsoperation folgendes aufweist: 
einen ersten Teil, bei dem die Schreib-ZLese- 
Elemente, in denen neue Inhalte gespeichert 
10 sind, atomatisch als ausgezogen markiert wer- 

den; und 

einen zweiten Teil, bei dem die markierten 
Schreib-ZLese-Elemente nichtatomatisch in ih- 
re entsprechenden unbeschriebenen einmal 
IS beschreibbaren und mehrfach lesbaren Spei- 

cherelemente (516) geschrieben werden. 

2. Dateisystem nach Anspruch 1 , wobei: 

atle Inhalte der Primardatei, die seit der letz- 
20 ten Auszugsoperation nicht verandert wurden, alte 
Inhalte sind, und alle Inhalte der Primardatei, die 
seit der letzten Auszugsoperation hinzugefugt Oder 
verandert wurden, neue Inhalte sind. 

2S 3. Dateisystem nach Anspruch 2, wobei: 

zu den Dateioperationen weiterhin Leseopera- 
tionen gehoren, die Inhalte einer Datei lesen; 
die Auszugsoperation weiterhin wirkt. um eine 

30 Sekundardatei zu erzeugen, die den Zustand 

der Primardatei zum Zeitpunkt der Auszugs- 
operation bewahrt und deren Inhalte in den 
durch die Auszugsoperation beschriebenen 
einmal beschreibbaren und mehrfach lesbaren 

3S Spek;herelementen und in den einmal be- 

schreibbaren und mehrfach lesbaren Speicher- 
elementen, die die alten Inhalte zum Zeitpunkt 
der Ausfuhrung der Auszugsoperation enthiel- 
ten, gespeichert sind; und 

40 an der Sekundardatei nur die Leseoperationen 

ausgefuhrt werden durfen, wobei eine Schnitt- 
stelle verwendet wird, die mit der fur Leseope- 
rationen an der Primardatei verwendeten 
Schnittstelie ubereinstimmt. 

4S 

4. Verfahren fur den Auszug einer Primardatei, die in 
einem Dateisystem mit Schreib-ZLese- (509) und 
einmal beschreibbaren und mehrfach lesbaren 
(51 9) Speicherelementen zur Speicherung von Da- 

so teiinhalten gespeichert ist, wobei die Inhalte der Da- 
tei alte Inhalte (303. 305, 307), die in beschriebenen 
der einmal beschreibbaren und mehrfach lesbaren 
Speicherelemente gespeichert sind, und neue In- 
halte (311, 315), die in den Schreib-ZLese-Elemen- 

ss ten gespeichert sind, enthalten, wobei das Verfah- 
ren die folgenden Schritte umfaBt: 

als Teil der Operation der Speksherung neuer 
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Inhalte in einem gegebenen Schreib-ZLese- 
Speicherelement, Herstellung einer Entspre- 

Chung zwischen dem gegebenen Schreib-/Le- 
se-Speicherelement und einem gegebenen un- 
beschriebenen einmal beschreibbaren und 
mehrtach lesbaren Speicherelement; und 
als Reaktion auf einen Auszugsbefehl und zu 
keinem anderen Zeitpunkt, Kopieren der Inhal- 
te der SchrelbVLese-Speicherelemente in die 
entsprechenden unbeschriebenen einmal be- 
schreibbaren und mehrfach lesbaren Speicher- 
elemente (516), 

wobei der Schritt des Koplerens der neuen In- 
halte in die entsprechenden unbeschriebenen 
einmal beschreibbaren und mehrfach lesbaren 
Speicherelemente die folgenden Schritte um- 
fa3t: 

atomatlsches Markieren aller SchreibVLese- 
Spelcherelemente. die die neuen Inhalte ent- 

halten; und 

nichtatomisches Kopieren der Inhalte der mar- 
kierlen Schreib-ZLese-Speicherelemente in ih- 
re entsprechenden unbeschriebenen einmal 
beschreibbaren und mehrfach lesbaren Spei- 
cherelemente. 

5. Verfahren nach Anspruch 4, welterhin mit dem fol- 
genden Schritt: 

Erzeugen einer Sekundardatei, die den Zu- 
stand der Primardatei zum Zeitpunkt des Auszugs- 
befehls bewahrt und deren Inhalte in den einmal be- 
schreibbaren und mehrfach lesbaren Speicherele- 
menten, die als Reaktion auf den Auszugsbefehl 
beschrleben werden. und in den einmal beschreib- 
baren und mehrfach lesbaren Speicherelementen, 
die die alten Inhalte zum Zeitpunkt des Auszugsbe- 
fehls enthalten. gespeichert sind. 

6. Verfahren nach Anspruch 5, wobei: 

vorbestimmte atte Inhalte der Primardatei zu- 
satzlich in den Schreib-ZLese-Speicherelemen- 
ten gespeichert werden; 
der Schritt des Erzeugens der Sekundardatei 
weiterhin den Schritt des weiteren atomischen 
Markierens aller Schreib-ZLese-Spelcherele- 
mente. die die neuen Inhatte enthalten, umfaBt, 
um anzuzeigen, da3 die Schreib-ZLese-Spei- 
cherelemente alte Inhalte enthalten. 



Revendlcations 

1. Systems de fichier destind ^ §tre utllis6 dans un 
syst^me d'ordinateur ayant des 6l6ments de m6- 
moire k lecture-^crrture (509) et k ^riture unique- 
lecture multiple pour mdmoriser un contenu de fi- 
chier, le systdme de fichier comprenant : 



au moins un fichier principal (111) dont le con- 
tenu comporte un ancien contenu (303, 305, 
307) qui est m6moris6 dans des 6I6ments de 
m^moire ^ Venture unique-tecture multiple 
s 6crits et un nouveau contenu (31 1,315) qui est 

m6moris6 dans les 6l6ments k lecture-6criture 
et 

un moyen pour effectuer des operations de fi- 
chier (503), les operations de fichier compor- 

10 tant au moins une operation d'6criture et une 

operation de vidage separee, I'operation d'ecri- 
ture fonctionnant pour ecrire le contenu dans 
les elements de memoire k lecture-ecriture 
dans lesquels une correspondance entre les 

IS elements k ecriture-lecture dans lesquels le 

nouveau contenu est memorise et des ele- 
ments k ecriture unique-lecture multiple non 
ecrits existe au moment ou le nouveau contenu 
est memorise et I'operation de vidage fonction- 

20 nant pour ecrire le nouveau contenu d'un ele- 

ment k lecture-ecriture donn6 dans des ele- 
ments de memoire k ecriture unique-lecture 
multiple non ecrits correspondants et le nou- 
veau contenu etant ecrit dans les elements de 

25 memoire ci ecriture unique-lecture multiple non 

ecrits uniquement en reponse k une comman- 
ds de vidage, et k aucun autre moment, I'ope- 
ration de vidage fonctionne pour retablir le fi- 
chier principal de telle sorte que le fichier prin- 

30 cipal retabli ne contienne qu'un ancien contenu 

y compris le nouveau contenu ecrit dans les 
elements de memoire k 6criture unique-lecture 
multiple non ecrits par I'operation de vidage, et 
I'operation de vidage ayant 

3S une premiere partie dans iaquelle les elements 

de lecture-ecriture dans lesquels le nouveau 
contenu est memorise automat iquement sont 
marques comme ayant ete vid6s ; et 
une deuxieme partie dans Iaquelle les eie- 

40 ments k lecture-ecriture marques sont ecrits 

non automatiquement dans leurs elements k 
ecriture unique-lecture multiple non 6crits cor- 
respondants (516). 

4S 2. Systems de fichier selon la revendication 1 , dans 
lequel : 

tout le contenu du fichier principal qui n'a pas 
ete modifie depuls la derniere operation de vidage 
est un ancien contenu et tout le contenu du fichier 
so principal qui a ete ajoute ou modifie depuis la der- 
niere operation de vidage est un nouveau contenu. 

3. Systeme de fichier selon la revendication 2. dans 
tequel : 

55 

les operations de fichier comportent en outre 
des operations de lecture qui lisent le contenu 
d'un fichier ; 
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ropdration de vidage fonctbnne en outre pour 
cr^er un fichier secondaire qui conserve I'Stat 
du fichier principal au moment de rop6ratlon de 
vidage et dont le contenu est m6moris6 dans 
les 6l6ments de m6moire k 6criture unique-lec- 5 
ture multiple Merits par TopSration de vidage et 
dans les 6t6ments de m^motre k ^criture uni- 
que-lecture multiple qui contenaient I'ancien 
contenu au moment de I'ex^cution de ('opera- 
tion de vidage ; et io 
les operations de lecture ne peuvent etre effec- 
tu^es sur le fichier secondaire qu'en utilisant 
une interface qui est la m^me que celle utilis6e 
pour les operations de lecture sur le fichier prin- 
cipal. IS 

Procede de vidage d'un fichier principal qui est me- 
morise dans un systeme de fichier ayant des ele- 
ments de memoire k lecture-ecriture (509) et k ecrl- 
ture unique-lecture multiple (519) pour m6moriser 20 
un contenu de fichier, le contenu du fichier compor- 
tant un ancien contenu (303. 305, 307) qui est me- 
morise dans des elements de memoire k ecriture 
unique-lecture multiple ecrits et un nouveau conte- 
nu (311, 315) qui est m6moris6 dans les 6l6ments 2S 
k lecture-ecriture, le proc6de comprenant les 6ta- 
pes de : 



dans les elements de memoire k ecriture unique- 
lecture multiple contenant I'ancien contenu au mo- 
ment de la commande de vidage. 

6. Precede selon la revendication 5, dans lequel : 

un ancien contenu predetermine du fichier prin- 
cipal est memorise en plus dans les elements 
de memoire k lecture-6criture ; 
retape de creation du fichier secondaire com- 
porte en outre retape de marquage automati- 
que suppiementaire de tous les elements de 
memoire k lecture-ecriture qui contiennent le 
nouveau contenu pour indiquer que les ele- 
ments de memoire de lecture-ecriture contien- 
nent un ancien contenu. 



dans le cadre de I'operation de memoire du 
nouveau contenu dans un element de memoire 30 
k lecture-ecriture donn6, etablissement d'une 
correspondence entre reiement k lecture-ecri- 
ture donne et un element de memoire k ecriture 
unique-lecture multiple non ecrit donne ; et 
en reponse k une commande de vidage, et ^ 3S 
aucun autre moment, copie du contenu des ele- 
ments de memoire k lecture-6criture dans les 
elements de memoire k ecriture unique-lecture 
multiple non ecrits correspondants (516) ; 
retape de copie du nouveau contenu dans les 
elements de memoire k ecriture unique-lecture 
multiple non ecrits correspondants comporte 
les etapes de 

marquage automatique de tous les elements 
de memoire k lecture-ecriture qui contiennent ^5 
le nouveau contenu ; et 
copie non automatique du contenu des ele- 
ments de memoire k lecture-6criture marqu6s 
dans leurs elements de memoire k ecriture uni- 
que-lecture multiple non ecrits correspondants. so 

Procede selon la revendication 4 et comprenant en 
outre retape de : 

creation d'un fichier secondaire qui conserve 
retat du fichier principal au moment de Toperation ss 
de vidage et dont le contenu est memorise dans les 
elements de memoire k ecriture unique-lecture mul- 
tiple ecrits en reponse k la commande de vidage et 
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